As the popularity of computer networks has grown, the proliferation of network threats has become more common. Network threats include computer viruses, spyware and malware. A common thread shared by these network threats is that a program or piece of code is loaded onto a computer without the full knowledge or consent of the computer operator.
A computer virus is a program or piece of code that replicates itself and typically tries to load itself in additional computers coupled to an “infected” computer. Spyware is any software that covertly gathers user information through the user's network connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded. Once installed, the spyware monitors user activity and transmits that information in the background to someone else. Some spyware applications can be useful in that dedicated advertising can be pre-arranged and forwarded when a user returns to a particular network location. In other cases, personal and network information can be used to pre-load pages and other interfaces to enhance an operator's network experience. Other spyware applications can be observing operator inputs looking for personal information to exploit. Malware, or malicious software, refers to any software which causes damage to a single computer, server, or computer network.
One way in which a network threat proliferates is to load itself into a computer along with a World Wide Web page that a user of the computer has selected. A World Wide Web page or Web page is a hypertext markup language (HTML) document stored at a specified address on the Internet or an Intranet. Once the network threat has been loaded onto a network coupled computer, the threat can be activated any time thereafter.
To prevent the inadvertent proliferation of network threats, it is desirable to prevent computer users from loading Web pages that load files that include network threats. An effective way to do this is to prevent Web hosting services from linking to Web pages associated with the distribution of network threats. However, finding Web sites that contain infected Web pages and Web pages that link to infected Web pages is a difficult problem. Web pages containing links to infected Web pages are changed constantly by those trying to maximize the spread of the network threat while avoiding detection.
Furthermore, it can be difficult to determine which Web sites contain network threats. U.S. Patent Application Publication 2003/0097591 describes a method, system, and computer program product for protecting computer users from Web sites hosting computer viruses and for protecting Web hosting systems from hosting Web pages that contains links to computer viruses. A disclosed method includes receiving information identifying a Web page selected for access by a user, determining whether the Web page is hosted by a Web site that is included in a database of Web sites related to computer viruses, and allowing access to the Web page based on whether the Web page includes a link to a Web site that is included in the database.
The disclosed method is slow, does not address active threats, and is not focused on the sources of known threats. Accordingly, further improvements are desired.